Example #1
0
        private async Task <bool> CheckAccess(AuthorizationTree authorizationTree)
        {
            bool result = true;
            // check authorization at the service level
            bool allowServiceAccess = await CheckAccessCore(authorizationTree.DataServiceAuthorization);

            if (authorizationTree.MethodsAuthorization.Any())
            {
                result = await CheckMethodAccess(allowServiceAccess, authorizationTree.MethodsAuthorization);

                if (!result)
                {
                    return(result);
                }
            }
            else if (!authorizationTree.DataManagersAuthorization.Any())
            {
                return(allowServiceAccess);
            }

            foreach (DataManagerAuthorization ownerAuthorization in authorizationTree.DataManagersAuthorization)
            {
                bool allowOwnerAccess = await CheckOwnerAccess(allowServiceAccess, ownerAuthorization);

                result = await CheckMethodAccess(allowOwnerAccess, ownerAuthorization.MethodsAuthorization);

                if (!result)
                {
                    break;
                }
            }

            return(result);
        }
Example #2
0
        /// <summary>
        ///  throws AccesDeniedExeption if user have no rights to execute operation
        /// </summary>
        /// <param name="changeSet"></param>
        public async Task CheckUserRightsToExecute(IEnumerable <MethodInfoData> methods)
        {
            AuthorizationTree authorizationTree = GetServiceAuthorization().GetAuthorizationTree(methods);

            if (!await CheckAccess(authorizationTree))
            {
                throw new AccessDeniedException(string.Format(ErrorStrings.ERR_USER_ACCESS_DENIED, UserName));
            }
        }
Example #3
0
        /// <summary>
        ///  throws AccesDeniedExeption if user have no rights to execute operation
        /// </summary>
        /// <param name="changeSet"></param>
        public async Task CheckUserRightsToExecute(IEnumerable <MethodInfoData> methods)
        {
            AuthorizationTree authorizationTree = GetServiceAuthorization().GetAuthorizationTree(methods);

            if (!await CheckAccess(authorizationTree))
            {
                string user = User == null || User.Identity == null || !User.Identity.IsAuthenticated
                    ? ANONYMOUS_USER
                    : User.Identity.Name;
                throw new AccessDeniedException(string.Format(ErrorStrings.ERR_USER_ACCESS_DENIED, user));
            }
        }
Example #4
0
        public Task <bool> CanAccessMethod(MethodInfoData method)
        {
            AuthorizationTree authorizationTree = GetServiceAuthorization().GetAuthorizationTree(new[] { method });

            return(CheckAccess(authorizationTree));
        }